We are developing Medical Desktop Software in C++.
It is very important for us to have the full development environment under control and revision.
One of the important development steps is continuous static code analysis with SonarCloud. In order to keep the applied rules controlled (and not changed until we decide), we created our own Quality Profile, so when the “Sonar Way” profile changes for C++ (adding/removing/obsoleting rules), ours stays intact.
Even with a strict set of rules applied to our project under our control, it happens that suddenly a new analysis finds bugs in code that has not been changed for months. We assume that SonarCloud continuously improves the bug detection algorithms for each existing rule, but we as users are not notified when this happens.
Does SonarCloud have a versioning system for the rules/algorithms applied to an analysis run? How can it happen that the same rule suddenly finds bugs where none were found in previous runs?